|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58970 Incompatible with mod_security2
Submitted: 2009-12-02 13:54 UTC Modified: 2020-01-26 01:03 UTC
From: blepore at igniteworldwide dot com Assigned: ramsey (profile)
Status: Assigned Package: uploadprogress (PECL)
PHP Version: 5.2.6 OS: CentOs
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: blepore at igniteworldwide dot com
New email:
PHP Version: OS:


 [2009-12-02 13:54 UTC] blepore at igniteworldwide dot com
No temp file is created when mod_security2 is enabled.

Possible cause that I have found is that PHP writes to a different file name in the user's temp directory when mod_security is enabled compared to when it is not.

Sample temp files created when mod_security is disabled:

where "805677.1259779397" is the UPLOAD_IDENTIFIER.

Sample temp files created when mod_security is enabled:


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-12-02 15:06 UTC] blepore at igniteworldwide dot com
If this cannot be accomplished, it is worth adding to the documentation that setting SecRequestBodyAccess to Off will work around the issue (though leave the site more vulnerable).
 [2010-01-08 03:14 UTC] leahy_rich at hotmail dot com
Has there been any progress or work arounds to this isssue without changing mod_security2 yet as i am having this problem?
 [2010-01-08 05:06 UTC]
The current workaround is mentioned by "blepore at 
igniteworldwide dot com" in the comment above...

I don't have the time nor the intend to dig into that problem 
as I'm not using mod_security
 [2010-02-21 12:47 UTC] php at gileskennedy dot com
The problem is recognised over at

"In order to block 100% reliably we need to buffer; there's 
question about that. However, buffering is not always the 
best, or 
even desired, approach. Some mechanisms (such as file upload 
progress bars) rely on having a free flow of data..."

But that won't be addressed until mod_security 3 and I've 
not found 
any info on when mod_security 3 is likely to be 
released. Very unlikely this year I'd have thought; a 2.6 
release is 
planned first and there's been very little activity on v3 as 
 [2011-08-18 13:04 UTC] 1041963598 at qq dot com
Whoever wrote this, you know how to make a good atricle.
 [2011-08-29 21:43 UTC] dean at khmin dot org
<a href="">valtrex</a> >:( <a href="">buy lexapro mg online</a> zxoq
 [2017-10-24 09:01 UTC]
-Status: Open +Status: Suspended
 [2017-10-24 09:01 UTC]
This package has not had any releases for 6 years, so I'm gonna suspend it, any new maintainer that decides to pick this up can re-open this ticket.
 [2020-01-26 01:03 UTC]
-Assigned To: +Assigned To: ramsey
 [2020-01-26 01:03 UTC]
-Status: Suspended +Status: Assigned
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Tue Aug 03 23:01:23 2021 UTC